Opinion: An IE 7.0 Wish List

Although Microsoft co-founder Bill Gates did announce Internet Explorer 7.0 at his RSA Conference keynote last week, he failed to provide any real details as to what it will include.

URL obfuscation and anti-phishing techniques seem like obvious new features, and were stressed as technologies Microsoft is currently working on, but specifics just weren't there.

There are a number of features I'd like to see in IE 7.0. Some of the top ones include:

Something that makes a URL stand out when the underlying link isn't
based on the same URL as the covering link. In other words, if the
covering text says www.mcpmag.com, the underlying link must also start
with that URL. If it doesn't, the underlying link should be displayed
together with its covering text. I realize this could screw up text on
a page, and is problematic if the covering text is simply the words
"click here". Still, we need to get people to realize that what's under
a link isn't necessarily what it says it is. It could come in the form
of a pop-up warning indicating that the link may not be taking you
where you think.

Don't render obfuscated links. If the URL is http://1234567890/fred.htm, don't render it as a link. I can't think
of a legitimate use of such a link in the first place.

A much stricter job of parsing HTML. The HTML specification is pretty free and easy when it comes to what must be in what parameters, or what can be in what tags. Gates's title for his RSA keynote was "Raising the Security Bar"; but what we could use right now is some "Lowering of the tolerance bar" when it comes to HTML specifications. Much stricter interpretation of the HTML specification would dramatically reduce, if not eliminate, many of the spyware/adware scams out there today. Further, it makes content scanning more feasible, as there will be less variation in the expected content structure.
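The first two wish-list items can be expressed as a check a browser or mail filter could run on each link. This is an added example, not part of the original column and not Microsoft's code; the function names and finding labels are hypothetical, the sample links are constructed, and it compares host names only rather than the full "starts with" rule described above.

```javascript
// Added example: flags links whose visible text names one host while the
// href points at another, and hrefs whose host is a disguised IPv4 address.
const DOTTED_QUAD = /^\d{1,3}(\.\d{1,3}){3}$/;
const LOOKS_LIKE_HOST = /^(https?:\/\/)?([a-z0-9-]+\.)+[a-z]{2,}([\/:?#].*)?$/i;

// Host exactly as written in the href, before any normalisation.
function rawHost(href) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/?#@]*@)?([^\/?#:]*)/i.exec(href);
  return m ? m[1].toLowerCase() : null;
}

// If the covering text itself looks like a host name or URL, return its host.
// Text such as "click here" returns null: it makes no claim to check.
function claimedHost(text) {
  const t = text.trim();
  if (/\s/.test(t) || !LOOKS_LIKE_HOST.test(t)) return null;
  try {
    return new URL(/^https?:\/\//i.test(t) ? t : "http://" + t).hostname;
  } catch {
    return null;
  }
}

// Returns a list of findings for one link (empty list = nothing suspicious).
function checkLink(text, href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return ["unparseable-href"];
  }
  const findings = [];
  const written = rawHost(href);
  // The WHATWG URL parser folds decimal, hex and octal hosts into a dotted
  // quad, so a difference between written and parsed host reveals the disguise.
  if (written && DOTTED_QUAD.test(url.hostname) && written !== url.hostname) {
    findings.push("obfuscated-host");
  }
  const claimed = claimedHost(text);
  if (claimed && claimed !== url.hostname) findings.push("text-href-mismatch");
  return findings;
}

// Constructed samples
console.log(checkLink("www.mcpmag.com", "http://www.mcpmag.com/news"));
console.log(checkLink("www.mcpmag.com", "http://example.test/login"));
console.log(checkLink("click here", "http://1234567890/fred.htm"));
```

A plain dotted-quad href is not flagged by this check; only a host written in a form that differs from what the browser will actually contact is.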

Gates made several other positive announcements during his keynote.

Microsoft's anti-spyware tool will be free to all licensed users of
Windows. Finally, a core product that will deal with these miscreants
and help prevent those evening phone calls from panicked friends and
family members. It doesn't matter to me whether the tool is the most
effective on the block; it provides a basic level of protection that
will only get better over time. Microsoft's Spynet project should yield
great results as more people opt in, giving more user experience
feedback and early warning about new threats.

Microsoft is committed to providing a consumer anti-virus solution,
probably this year. It's one thing for Microsoft to realize its
platform is a feeding ground for viruses, Trojans, bots and worms; it's
another to be responsible for having a product that effectively
protects that platform. It should be very interesting to see how
Microsoft deals with the media over the issue of heuristics (the
ability in anti-virus software to detect a malicious piece of code
without having seen it before). Microsoft should be better at that than
anyone else. Let's see if it succeeds.

Microsoft's acquisition of Sybari is a great step forward for
enterprises. Sybari's product is not an anti-virus solution, but rather
an infrastructure for deploying and managing one or many anti-virus
engines. This means you can create your own multiple scanning
environment, so if one AV vendor doesn't catch something, maybe
another's will. This is an excellent way of minimizing the risk new and
changing viruses can have on an e-mail environment.

Sybari is true plumbing, in the best sense of the word, which is one of Microsoft's strengths. I've been told Microsoft's already integrated the RAV product it acquired as part of GeCAD Software in June 2003 as an engine into Sybari. So I expect to see the initial offering from Microsoft of the repackaged Sybari product to include that engine by default. You can add engines from several of the top AV companies.

Although his keynote lacked a lot of detail, Gates did mention that
this was another step in the "Trustworthy Computing" path he outlined
several years ago in his famous memo. I wish it wouldn't take so long;
but hey, it's a huge company and at that size, it's hard to be quick
on your feet.

Russ Cooper is a Senior Information Security Analyst with
Cybertrust, Inc., www.cybertrust.com. He's also founder and editor of
NTBugtraq, www.ntbugtraq.com, one of the industry's most influential
mailing lists dedicated to Microsoft security. One of the world's most-
recognized security experts, he's often quoted by major media outlets
on security issues.
